Security & policies

Augusta University's Information Security Office (ISO) will respond to and investigate
incidents related to misuse or abuse of Augusta University information and information
technology resources. This includes computer and network security breaches, unauthorized
disclosure or modification of institutional or personal data, and security credential
malware phishing.

Protect your data

REPORT A SECURITY INCIDENT

Lost / Stolen Device - A lost or stolen AU/MC device should be reported immediately
to Public Safety and the IT Help Desk. Once reported, complete the online form to report compromised data.

Malicious Software Detection - If your computer gets infected with a virus, adware/spyware,
or other malicious software, contact the IT Help Desk at 706-721-4000 / 706-721-7500 or
submit a ticket through the web portal at SUPPORT.UCERN.COM

Avoid clicking on hyperlinks in emails from senders you do not recognize and forward
the email to stopspam@augusta.edu for further investigation.

How do I spot a phish? - Be aware of any attachments, links, grammatical errors,
spelling mistakes, sender address, sense of urgency, and things that sound too good
to be true.

Not all external emails are phishing scams; however, we have implemented an [EXTERNAL] flag
in the subject line of email messages that come from outside sources. In addition to the [EXTERNAL]
flag, you can see a description within the email message pane: “This is an external email.
Use caution responding, opening attachments and following links.” These measures
are in place so you can be cautious of messages from outside the institute.

How do I forward phishing email to Information Security?

To forward suspicious or phishing email:

1. Create a new message.
2. Drag your phishing email into the new message box.
3. In the subject line of the email, type “Reporting suspicious email”.
4. Enter the day and time you received the email.
5. Click Send.
6. Delete the suspicious email.

Before you transmit Protected Health Information, ensure you have met the requirements
of HIPAA, including whether you need a business associate agreement. Refer to the Secure Transmission of PHI Policy and the BAA Flowchart for more information.

Send Secure Email

To send a secure email message, put the word 'secure' in the subject line of the message.
Visit the email page to learn more and see specific examples.

Send via MOVEit

Send Larger Files Securely via MOVEit - Augusta University’s MOVEit utility allows
you to easily transfer larger files up to 10 GB in size to anyone using a standard
web browser. The MOVEit file transfer site is located at https://mft.augusta.edu

RISK ASSESSMENTS

Purchase of new IT products or systems - AU Information Security is responsible for ensuring the quality of systems and protecting
the University’s data. The IT Security office is available to assist in any project that
needs upgrading or new implementations and to assist in the assessment process to conduct
risk analysis.

The Security Authority submits a VPN access request for the NetID through Service
Now.

The request routes to the ISO for approval.

Upon approval, the request is routed to Networking for fulfillment and connection
instructions are provided to the requestor.

Note: The Security Authority will need to request any additional service/application
access for the new NetID through Service Now. Vendor accounts are granted access for
a maximum of 180 days. The Security Authority may request reactivation of the account
by contacting the Service Desk. ISO approval is not required for reactivations.

Scenario - 2

Vendors requiring short term VPN access to a single system (IP address).

The sponsoring department Security Authority would need to submit a VPN access request
through Service Now and attach the completed Vendor-VPN Request. (See Form Attached
Below)

The request routes to the ISO for approval.

Upon approval, the request is routed to Technical Operations for vendor account creation.

Technical Operations then routes the request to Networking for fulfillment, and account
information and connection instructions are provided to the requestor (vendor), sponsor,
and Information Security.

Note: Vendor accounts are granted access for a maximum of 180 days. The Security
Authority may request reactivation of the account by contacting the Service Desk. ISO
approval is not required for reactivations.

TWO-FACTOR AUTHENTICATION

What is Two-Factor Authentication?

Two-factor authentication requires something you know (your NetID password) and something
you have (like a mobile phone, landline phone or a smartphone app) as an added layer
of security to prevent anyone else from accessing your account. Two-factor authentication
is the most effective method of account takeover prevention, helping to protect both
you and the AU community.

Passwords are essential for security and privacy, but they are often not enough. They
can be stolen, guessed, or hacked. You might not even know who else has your password
and is accessing your account. Two-factor authentication adds a second layer of security
to your account to make sure that it stays safe, even if someone else knows your password,
by using your phone or other device to verify your identity. You will be alerted right
away (on your phone - mobile or landline - or tablet) if someone tries to log in using
your password. This prevents anyone but you from accessing your accounts.

How do I enroll in Duo? Visit the Duo page for registration steps and FAQs.

The Payment Card Industry Data Security Standards (PCI DSS) consist of necessary requirements that every merchant and financial institution must
meet in order to protect their customers’ cardholder data. Compliance with the PCI
DSS is mandatory for all organizations that store, process and transmit cardholder
data in order to allow their users to carry out secure card transactions.

Technology Policies

Augusta University has technology policies for faculty, staff and students. Please
keep the following in mind when using technologies provided by the university.